— The MAILING DATE of this communication appears on the cover sheet with the correspondence address —
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 16 July 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-27 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-27 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [X] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 16 July 2001 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date see attached.

4) [ ] Interview Summary (PTO-413) Paper No(s)/Mail Date.

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other:



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 
DETAILED ACTION



Drawings 

1. Figures 1 and 2 should be designated by a legend such as -Prior Art- because
only that which is old is illustrated. The applicant discusses those figures in the
background of the invention that is known in the prior art. See MPEP § 608.02(g).
Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the
Office action to avoid abandonment of the application. The replacement sheet(s) should
be labeled "Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not
to obstruct any portion of the drawing figures. If the examiner does not accept the 
changes, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 



Specification 

2. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc.

It is noted by the examiner that the applicant's abstract exceeds the 150 word
limit and needs to be amended accordingly.

3. The disclosure is objected to because it contains an embedded hyperlink and/or
other form of browser-executable code. Applicant is required to delete the embedded
hyperlink and/or other form of browser-executable code. See MPEP § 608.01. On page
3, line 5, reference is made to a URL specifying the protocol to access a resource on a
web page.

Information Disclosure Statement 

4. The information disclosure statement (IDS) submitted on July 16, 2001 is in
compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner is 
considering the information disclosure statement. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-27 are rejected under 35 U.S.C. 102(b) as being anticipated by Richter 
et al, U.S. Patent 5,598,553.

As per claim 1, the teachings of Richter et al disclose a page fault proxy
handler for connection to an original page fault handler and a paging table in which
supervisor flags for all entries for all writable memory pages have been pre-set. A page
fault detector, a mitigation module, a page fault filter, connected to the page fault
detector, wherein the filter passes to the original page fault handler page faults not
arising from an attempt to access a writable page by a user mode program.
A controlled memory access module, wherein the controlled memory access module
permits a user program to access a writable page of memory by changing an
associated supervisor flag in the paging table. An execution address checker,
connected to the page fault filter, the mitigation module and the controlled memory
access module, wherein the execution address checker passes to the mitigation module
only page faults arising from an attempt by a user mode program to execute from a
predetermined section of executable memory, and wherein the execution address
checker passes to the controlled memory access module page faults arising from any
other attempt by a user mode program to access a writable page (col. 4, lines 10-16;
col. 7, lines 41-48; col. 8, lines 3-7; and col. 14, lines 17-24).

As per claim 2, Richter et al discloses that the paging cache is a data translation
lookaside buffer (col. 5, lines 39-42).

As per claim 3, it is taught by Richter et al that the predetermined section of
executable memory is a stack (col. 4, lines 3-16 and as shown in Figure 3).

As per claim 4, Richter et al discloses that the predetermined section of executable
memory is all executable memory (col. 4, lines 3-16 and as shown in Figure 3).

As per claim 5, Richter teaches that the mitigation module comprises a code
termination module (col. 5, lines 12-14).

As per claim 6, the page fault proxy handler of claim 1 wherein the mitigation
module comprises a logging module (col. 14, lines 1-15).

As per claim 7, the teachings of Richter et al disclose usage of an IA-32
microprocessor (col. 1, lines 34-49).

As per claim 8, Richter et al discloses a method for handling page faults, for use
with an original page fault handler. Setting a supervisor flag in a page entry table
associated with a writable page, detecting a page fault. Determining whether the page
fault arises from an attempt by a user mode program to access the writable page having
the associated supervisor flag set. Conditionally calling the original page fault handler
on the basis of the determining step (col. 4, lines 10-16; col. 7, lines 41-48; col. 8, lines
3-7; and col. 14, lines 17-24).

As per claim 9, Richter et al discloses providing a page fault proxy
handler that performs the detecting, determining and conditionally calling steps (col. 14,
lines 17-24).

As per claim 10, Richter et al teaches launching the page fault proxy
handler with one or more runtime options (col. 6, lines 17-28 and col. 14, lines 17-42).

As per claim 11, Richter et al discloses that the runtime options affect the
performance overhead of the page fault proxy handler (col. 6, lines 17-28 and col. 14,
lines 17-42).

As per claim 12, Richter et al discloses determining whether the page fault was
caused by an attempt to execute from the page (col. 4, lines 10-12).

As per claim 13, Richter et al discloses that the page fault is associated with a
fault address, and wherein the step of determining whether the page fault was caused
by an attempt to execute from the page comprises comparing the fault address to the
contents of an instruction pointer (col. 4, lines 10-16 and col. 12, lines 50-53).

As per claim 14, Richter et al teaches, if the page fault was not caused by an
attempt to execute from the page, clearing the supervisor flag in a paging cache
associated with the page, accessing the page after the clearing step, and setting the
supervisor flag after the accessing step (col. 4, lines 10-24).

As per claim 15, Richter et al discloses that the paging cache is a data translation
lookaside buffer (col. 5, lines 39-42).

As per claim 16, Richter et al discloses terminating the user mode
program, if the page fault was caused by an attempt to execute from the page (col. 4,
lines 10-16).

As per claim 17, Richter et al teaches injecting termination code in the user
mode program and changing a return address (col. 4, lines 10-24).

As per claim 18, the teachings of Richter et al disclose prompting an operator
whether to terminate the user mode program and accepting a response from the
operator (col. 4, lines 10-16).

As per claim 19, Richter et al teaches logging an event, if a fault address equals
a current execution address (col. 14, lines 1-15).

As per claim 20, Richter et al discloses determining whether the page fault
arises in a predetermined section of memory (col. 4, lines 10-16).

As per claim 21, Richter et al discloses that the predetermined section of memory
is all memory (col. 4, lines 3-16 and as shown in Figure 3).

As per claim 22, it is taught by Richter et al that the predetermined section of
memory is a stack (col. 4, lines 3-16 and as shown in Figure 3).

As per claim 23, Richter et al teaches checking whether the page fault is for an
existing page of memory (col. 4, lines 10-12).

As per claim 24, Richter et al teaches checking whether the page fault is
for a kernel page of memory (col. 4, lines 12-16).

As per claim 25, the teachings of Richter et al disclose using an IA-32
microprocessor (col. 1, lines 34-49).

As per claim 26, Richter et al teaches an apparatus for use with an original
page fault handler. Means for setting a supervisor flag in a page table associated with a
writable page. Means for detecting a page fault. Means for determining whether the
page fault arises from an attempt by a user mode program to access the writable page
having the associated supervisor flag set. Means for conditionally calling the original
page fault handler on the basis of the determining step (col. 4, lines 10-16; col. 7, lines
41-48; col. 8, lines 3-7; and col. 14, lines 17-24).

As per claim 27, Richter et al discloses a computer readable medium on which
is embedded computer software, the software performing a method for handling page
faults, for use with an original page fault handler. Setting a supervisor flag in a page
entry table associated with a writable page and detecting a page fault. Determining
whether the page fault arises from an attempt by a user mode program to access the
writable page having the associated supervisor flag set. Conditionally calling the
original page fault handler on the basis of the determining step (col. 4, lines 10-16; col.
7, lines 41-48; col. 8, lines 3-7; and col. 14, lines 17-24).
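
The dispatch logic recited in the mappings for claims 1, 8, 13, 14, 23 and 24 above, as a small user-space model in C. This is an added example, not code from the application or from Richter et al; every identifier, the `kernel` field and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are illustrative; this is a user-space model, not kernel code. */
enum action { PASS_TO_ORIGINAL, MITIGATE, CONTROLLED_ACCESS };

struct pte   { bool present, writable, supervisor, kernel; }; /* modelled page entry */
struct fault { uintptr_t addr, ip; bool user_mode; };         /* fault address, instruction pointer */
struct range { uintptr_t lo, hi; };                           /* predetermined section, e.g. the stack */

static int accesses; /* counts accesses completed by the controlled-access path */

enum action handle_fault(struct pte *p, const struct fault *f, const struct range *guard)
{
    /* Filter: only user-mode faults on existing, non-kernel, writable pages
       whose supervisor flag was pre-set are handled by the proxy. */
    if (!f->user_mode || !p->present || p->kernel || !p->writable || !p->supervisor)
        return PASS_TO_ORIGINAL;

    /* Execution address checker: a fault address equal to the instruction
       pointer means the CPU was fetching code from the writable page. */
    if (f->addr == f->ip && f->addr >= guard->lo && f->addr < guard->hi)
        return MITIGATE; /* terminate the program and/or log the event */

    /* Controlled access: clear the flag, let the access complete, set it again. */
    p->supervisor = false;
    accesses++;            /* stands in for the retried load or store */
    p->supervisor = true;
    return CONTROLLED_ACCESS;
}

int main(void)
{
    static const char *name[] = { "pass to original handler", "mitigate", "controlled access" };
    struct range stack = { 0x7ff00000u, 0x7ff10000u };   /* constructed sample addresses */
    struct pte page = { true, true, true, false };
    struct fault cases[] = {
        { 0x7ff00040u, 0x00401000u, true  },  /* data write to the stack */
        { 0x7ff00040u, 0x7ff00040u, true  },  /* instruction fetch from the stack */
        { 0x7ff00040u, 0x00401000u, false },  /* kernel-mode fault */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("fault %zu: %s\n", i, name[handle_fault(&page, &cases[i], &stack)]);
    return 0;
}
```

An execute attempt outside the guarded range falls through to the controlled-access path, matching the "any other attempt" wording in the claim 1 mapping.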



Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Talluri et al, "A new page table for 64-bit address spaces", disclose clustered
page tables.

Denning, "Virtual Memory", discloses program modularity, machine
independence, and resource sharing.

Shinagawa et al, "Exploiting segmentation mechanism for protecting against
malicious mobile code", disclose confining access by mobile code in authorized areas.

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is
571-272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Christopher Revak 
AU2131 



CR 





